Merge branch 'remove-ff-create_vulnerabilities_via_api' into 'master'

Remove feature flag `create_vulnerabilities_via_api` See merge request gitlab-org/gitlab!75685

Merge branch 'remove-ff-create_vulnerabilities_via_api' into 'master'
Remove feature flag `create_vulnerabilities_via_api` See merge request gitlab-org/gitlab!75685
5f70b3a4 · Thong Kuah · e57ab5dd · 7d8ac5e2 · e57ab5dd · 5f70b3a4
Commit 5f70b3a4 authored Dec 07, 2021 by Thong Kuah
5 changed files
--- a/config/feature_flags/development/create_vulnerabilities_via_api.yml
+++ b/config/feature_flags/development/create_vulnerabilities_via_api.yml
---
-name: create_vulnerabilities_via_api
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68158
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/338694
-milestone: '14.3'
-type: development
-group: group::threat insights
-default_enabled: true
--- a/ee/app/graphql/mutations/vulnerabilities/create.rb
+++ b/ee/app/graphql/mutations/vulnerabilities/create.rb
@@ -73,8 +73,6 @@ module Mutations
      def resolve(**attributes)
        project = authorized_find!(id: attributes.fetch(:project))

-        raise Gitlab::Graphql::Errors::ResourceNotAvailable, 'Feature disabled' unless Feature.enabled?(:create_vulnerabilities_via_api, project, default_enabled: :yaml)
-
        params = build_vulnerability_params(attributes)

        result = ::Vulnerabilities::ManuallyCreateService.new(

--- a/ee/app/services/vulnerabilities/manually_create_service.rb
+++ b/ee/app/services/vulnerabilities/manually_create_service.rb
@@ -17,10 +17,6 @@ module Vulnerabilities
    end

    def execute
-      unless Feature.enabled?(:create_vulnerabilities_via_api, @project, default_enabled: :yaml)
-        return ServiceResponse.error(message: "create_vulnerabilities_via_api feature flag is not enabled for this project")
-      end
-
      raise Gitlab::Access::AccessDeniedError unless authorized?

      timestamps_dont_match_state_message = match_state_fields_with_state

--- a/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
+++ b/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
@@ -77,77 +77,61 @@ RSpec.describe Mutations::Vulnerabilities::Create do

      let(:project_gid) { GitlabSchema.id_from_object(project) }

-      context 'when feature flag is disabled' do
-        before do
-          stub_feature_flags(create_vulnerabilities_via_api: false)
-        end
-
-        it 'raises an error' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
+      it 'returns the created vulnerability' do
+        expect(mutated_vulnerability).to be_detected
+        expect(mutated_vulnerability.description).to eq(attributes.dig(:description))
+        expect(mutated_vulnerability.finding_description).to eq(attributes.dig(:description))
+        expect(mutated_vulnerability.finding_message).to eq(attributes.dig(:message))
+        expect(mutated_vulnerability.solution).to eq(attributes.dig(:solution))
+        expect(subject[:errors]).to be_empty
      end

-      context 'when feature flag is enabled' do
-        before do
-          stub_feature_flags(create_vulnerabilities_via_api: project)
-        end
+      context 'with custom state' do
+        let(:custom_timestamp) { Time.new(2020, 6, 21, 14, 22, 20) }

-        it 'returns the created vulnerability' do
-          expect(mutated_vulnerability).to be_detected
-          expect(mutated_vulnerability.description).to eq(attributes.dig(:description))
-          expect(mutated_vulnerability.finding_description).to eq(attributes.dig(:description))
-          expect(mutated_vulnerability.finding_message).to eq(attributes.dig(:message))
-          expect(mutated_vulnerability.solution).to eq(attributes.dig(:solution))
-          expect(subject[:errors]).to be_empty
+        where(:state, :detected_at, :confirmed_at, :confirmed_by, :resolved_at, :resolved_by, :dismissed_at, :dismissed_by) do
+          [
+            ['confirmed', ref(:custom_timestamp), ref(:custom_timestamp), ref(:user), nil, nil, nil, nil],
+            ['resolved', ref(:custom_timestamp), nil, nil, ref(:custom_timestamp), ref(:user), nil, nil],
+            ['dismissed', ref(:custom_timestamp), nil, nil, nil, nil, ref(:custom_timestamp), ref(:user)]
+          ]
        end

-        context 'with custom state' do
-          let(:custom_timestamp) { Time.new(2020, 6, 21, 14, 22, 20) }
-
-          where(:state, :detected_at, :confirmed_at, :confirmed_by, :resolved_at, :resolved_by, :dismissed_at, :dismissed_by) do
-            [
-              ['confirmed', ref(:custom_timestamp), ref(:custom_timestamp), ref(:user), nil, nil, nil, nil],
-              ['resolved', ref(:custom_timestamp), nil, nil, ref(:custom_timestamp), ref(:user), nil, nil],
-              ['dismissed', ref(:custom_timestamp), nil, nil, nil, nil, ref(:custom_timestamp), ref(:user)]
-            ]
+        with_them do
+          let(:attributes) do
+            {
+              project: project_gid,
+              name: "Test vulnerability",
+              description: "Test vulnerability created via GraphQL",
+              scanner: scanner_attributes,
+              identifiers: [identifier_attributes],
+              state: state,
+              severity: "unknown",
+              confidence: "unknown",
+              detected_at: detected_at,
+              confirmed_at: confirmed_at,
+              resolved_at: resolved_at,
+              dismissed_at: dismissed_at,
+              solution: "rm -rf --no-preserve-root /",
+              message: "You can't fix this"
+            }
          end

-          with_them do
-            let(:attributes) do
-              {
-                project: project_gid,
-                name: "Test vulnerability",
-                description: "Test vulnerability created via GraphQL",
-                scanner: scanner_attributes,
-                identifiers: [identifier_attributes],
-                state: state,
-                severity: "unknown",
-                confidence: "unknown",
-                detected_at: detected_at,
-                confirmed_at: confirmed_at,
-                resolved_at: resolved_at,
-                dismissed_at: dismissed_at,
-                solution: "rm -rf --no-preserve-root /",
-                message: "You can't fix this"
-              }
-            end
-
-            it "returns a #{params[:state]} vulnerability", :aggregate_failures do
-              expect(mutated_vulnerability.state).to eq(state)
-
-              expect(mutated_vulnerability.detected_at).to eq(detected_at)
-
-              expect(mutated_vulnerability.confirmed_at).to eq(confirmed_at)
-              expect(mutated_vulnerability.confirmed_by).to eq(confirmed_by)
-
-              expect(mutated_vulnerability.resolved_at).to eq(resolved_at)
-              expect(mutated_vulnerability.resolved_by).to eq(resolved_by)
-
-              expect(mutated_vulnerability.dismissed_at).to eq(dismissed_at)
-              expect(mutated_vulnerability.dismissed_by).to eq(dismissed_by)
-
-              expect(subject[:errors]).to be_empty
-            end
+          it "returns a #{params[:state]} vulnerability", :aggregate_failures do
+            expect(mutated_vulnerability.state).to eq(state)
+
+            expect(mutated_vulnerability.detected_at).to eq(detected_at)
+
+            expect(mutated_vulnerability.confirmed_at).to eq(confirmed_at)
+            expect(mutated_vulnerability.confirmed_by).to eq(confirmed_by)
+
+            expect(mutated_vulnerability.resolved_at).to eq(resolved_at)
+            expect(mutated_vulnerability.resolved_by).to eq(resolved_by)
+
+            expect(mutated_vulnerability.dismissed_at).to eq(dismissed_at)
+            expect(mutated_vulnerability.dismissed_by).to eq(dismissed_by)
+
+            expect(subject[:errors]).to be_empty
          end
        end
      end

--- a/ee/spec/services/vulnerabilities/manually_create_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/manually_create_service_spec.rb